Overview

overview

10

Static

static

10

2264f9e9ec...ee.elf

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2264f9e9ec3736a89b2cdf9a926c70ee.elf

  • Size

    1.2MB

  • Sample

    240219-sfljlseg69

  • MD5

    2264f9e9ec3736a89b2cdf9a926c70ee

  • SHA1

    69684148423e3540f4f8c7bc787d102ea7b84db5

  • SHA256

    d8d522f2f72de16a235c17b6d32bad930d2a21a8c2664a76880c9b4b53ec1b58

  • SHA512

    39b6f2d778ce3c8832cfe13231edcc0a824c1f19aa6da5168cffd384edaaa033c75af87788ebc46087fbbe7b76d43b1c1f575d0b750d8e709616a903420d5461

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4c2y1q2rJp0:745vRVJKGtSA0VWeoTu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      2264f9e9ec3736a89b2cdf9a926c70ee.elf

    • Size

      1.2MB

    • MD5

      2264f9e9ec3736a89b2cdf9a926c70ee

    • SHA1

      69684148423e3540f4f8c7bc787d102ea7b84db5

    • SHA256

      d8d522f2f72de16a235c17b6d32bad930d2a21a8c2664a76880c9b4b53ec1b58

    • SHA512

      39b6f2d778ce3c8832cfe13231edcc0a824c1f19aa6da5168cffd384edaaa033c75af87788ebc46087fbbe7b76d43b1c1f575d0b750d8e709616a903420d5461

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4c2y1q2rJp0:745vRVJKGtSA0VWeoTu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks